Skip to content

Merge main into releases/v4 #3371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
henrymercer merged 39 commits into from
Dec 16, 2025
Merged

Merge main into releases/v4 #3371

henrymercer merged 39 commits into from
Dec 16, 2025

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Dec 16, 2025

Merging 998798e into releases/v4.

Conductor for this PR is @henrymercer.

Contains the following pull requests:

Please do the following:

  • Ensure the CHANGELOG displays the correct version and date.
  • Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
  • Check that there are not any unexpected commits being merged into the releases/v4 branch.
  • Ensure the docs team is aware of any documentation changes that need to be released.
  • Mark the PR as ready for review to trigger the full set of PR checks.
  • Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.
  • Merge the mergeback PR that will automatically be created once this PR is merged.
  • Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.

dependabot bot and others added 30 commits December 8, 2025 17:02
@dependabot
Bump the npm-minor group with 5 updates
0ffebf7 
Bumps the npm-minor group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.2` | `1.3.3` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.48.0` | `8.48.1` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.48.0` | `8.48.1` |
| [esbuild](https://github.com/evanw/esbuild) | `0.27.0` | `0.27.1` |
| [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) | `61.4.1` | `61.5.0` |


Updates `node-forge` from 1.3.2 to 1.3.3
- [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
- [Commits](digitalbazaar/forge@v1.3.2...v1.3.3)

Updates `@typescript-eslint/eslint-plugin` from 8.48.0 to 8.48.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.1/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.48.0 to 8.48.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.1/packages/parser)

Updates `esbuild` from 0.27.0 to 0.27.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.27.0...v0.27.1)

Updates `eslint-plugin-jsdoc` from 61.4.1 to 61.5.0
- [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases)
- [Commits](gajus/eslint-plugin-jsdoc@v61.4.1...v61.5.0)

---
updated-dependencies:
- dependency-name: node-forge
  dependency-version: 1.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.48.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.48.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: esbuild
  dependency-version: 0.27.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor
- dependency-name: eslint-plugin-jsdoc
  dependency-version: 61.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Rebuild
b73d396
@dependabot
Bump the actions-minor group across 1 directory with 2 updates
44570be 
Bumps the actions-minor group with 2 updates in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.268.0 to 1.269.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@8aeb6ff...d697be2)

Updates `actions/create-github-app-token` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@v2.2.0...v2.2.1)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.269.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
- dependency-name: actions/create-github-app-token
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Rebuild
cd48547
@henrymercer
Determine CodeQL version from feature flags on GHEC-DR
7a55ffe
@henrymercer
Rename GHE_DOTCOM to GHEC_DR
1fc7d37 
This more closely reflects the published naming https://docs.github.com/en/enterprise-cloud@latest/admin/data-residency/about-github-enterprise-cloud-with-data-residency
@henrymercer
Update PR template to include GHEC-DR
da50124
@nickrolfe
Clean up JavaMinimizeDependencyJars feature flag
805b7e1
@github-actions
Update changelog and version after v4.31.8
4564f5e
@github-actions
Rebuild
65bad62
@oscarsj
Merge pull request #3356 from github/mergeback/v4.31.8-to-main-1b168cd3
4b675e4 
Mergeback v4.31.8 refs/heads/releases/v4 into main
@henrymercer
Return status report from cleanupAndUploadDatabases
8e921c3
@henrymercer
Populate database upload results telemetry
5d063dd
@henrymercer
Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-38a2a793c5
2ac846d
@henrymercer
Merge pull request #3348 from github/dependabot/npm_and_yarn/npm-mino…
0264b51 
…r-38a2a793c5

Bump the npm-minor group with 5 updates
@henrymercer
Merge pull request #3349 from github/dependabot/github_actions/dot-gi…
7e0b77e 
…thub/workflows/actions-minor-dc476f2f5b

Bump the actions-minor group across 1 directory with 2 updates
@mbg
Make postProcessAndUploadSarif the default
b1dea65
@mbg
Remove AnalyzeUseNewUpload FF
009fe6b
@mbg
Merge branch 'main' into mbg/ff/make-new-upload-default
b30cb9a
@dependabot
Bump ruby/setup-ruby
a539068 
Bumps the actions-minor group with 1 update in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).


Updates `ruby/setup-ruby` from 1.269.0 to 1.270.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@d697be2...ac793fd)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.270.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump actions/download-artifact from 6 to 7 in /.github/workflows
6dbc22c 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v6...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
Bump actions/upload-artifact from 5 to 6 in /.github/workflows
034374e 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions
Rebuild
d6c1a79
@github-actions
Rebuild
7fd7db3
@mbg
Merge pull request #3309 from github/mbg/ff/make-new-upload-default
a682bbe 
Remove `AnalyzeUseNewUpload` FF and make its behaviour the default
@mbg
Merge pull request #3366 from github/dependabot/github_actions/dot-gi…
07cd437 
…thub/workflows/actions/upload-artifact-6

Bump actions/upload-artifact from 5 to 6 in /.github/workflows
@mbg
Merge pull request #3364 from github/dependabot/github_actions/dot-gi…
d0ad1da 
…thub/workflows/actions-minor-8751820eb1

Bump ruby/setup-ruby from 1.269.0 to 1.270.0 in /.github/workflows in the actions-minor group across 1 directory
@mbg
Merge branch 'main' into dependabot/github_actions/dot-github/workflo…
c2d4383 
…ws/actions/download-artifact-7
@mbg
Merge pull request #3365 from github/dependabot/github_actions/dot-gi…
b5e1a28 
…thub/workflows/actions/download-artifact-7

Bump actions/download-artifact from 6 to 7 in /.github/workflows
@henrymercer
Use full names for GitHub variants
a2ee53c
@henrymercer henrymercer marked this pull request as ready for review December 16, 2025 18:02
Copilot AI review requested due to automatic review settings December 16, 2025 18:02
@henrymercer henrymercer requested a review from a team as a code owner December 16, 2025 18:02
@github-actions github-actions bot added the size/L May be hard to review label Dec 16, 2025
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR merges updates from main into the releases/v4 branch, primarily containing dependency updates, internal refactoring to rename GitHub environment variants, and workflow configuration changes. The changes do not affect user-facing functionality.

Reviewed changes

Copilot reviewed 47 out of 48 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/util.ts Refactors GitHub variant enum from numeric to string values with descriptive names
src/util.test.ts Updates tests to use new GitHub variant naming
src/setup-codeql.ts Adjusts logic to use GHES variant check instead of non-DOTCOM check
src/init-action.ts Removes feature flag for Java dependency jar minimization, enables by default based on CodeQL version
src/feature-flags.ts Removes unused feature flags and refactors variant support checking
src/feature-flags.test.ts Updates tests for GHEC-DR and consolidates test cases
src/dependency-caching.ts Removes Java-specific cache key handling logic
src/dependency-caching.test.ts Removes tests for Java minimize dependency jars feature
src/database-upload.ts Adds return type for upload results tracking
src/database-upload.test.ts Updates test expectations for error messages
src/api-client.ts Updates variant name from GHE_DOTCOM to GHEC_DR
src/api-client.test.ts Updates test for GHEC-DR naming
src/analyze-action.ts Removes conditional upload logic, simplifies to single upload path
pr-checks/checks/*.yml Updates action versions (ruby/setup-ruby, actions/upload-artifact)
package.json Bumps version to 4.31.9 and updates dependencies
lib/*.js Generated JavaScript from TypeScript changes
CHANGELOG.md Adds entry for version 4.31.9
.github/workflows/*.yml Updates actions/create-github-app-token and actions/download-artifact versions
.github/pull_request_template.md Clarifies Dotcom environment description

@henrymercer henrymercer merged commit 5d4e8d1 into releases/v4 Dec 16, 2025
234 checks passed
@henrymercer henrymercer deleted the update-v4.31.9-998798e34 branch December 16, 2025 18:30
@github-actions github-actions bot mentioned this pull request Dec 16, 2025
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@henrymercer henrymercer henrymercer approved these changes

Assignees

@henrymercer henrymercer

Labels

size/L May be hard to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@henrymercer @nickrolfe @oscarsj @mbg